When you supply your personal details to this clinic they are stored and processed for a number of reasons. In bold below you will see the relevant terms used in the Data Protection Act 2018 which includes the General Data Protection Regulation.

We record and use the following categories of personal data: name, address, telephone numbers, email address, date of birth, health information including medical history, diagnosis and treatment data.

We need to collect personal information about your health in order to provide you with the best possible care. You requesting an examination/treatment and our agreement to provide that care constitutes as a contract. The lawful basis for processing your health information is the provision of health related services in a chiropractic clinic. You can refuse to give us such information however we would then be unable to provide you with chiropractic care.

It is important that we can contact you in order to confirm/ discuss your appointments with us or to update you on matters related to your medical care. This constitutes “legitimate interest”.

In addition, we may occasionally send you general health information, advice, and clinic newsletters. New patients will be asked if they consent to this method of processing when they first attend the clinic. This consent can be withdrawn at any time.

Retaining your personal Data

We have a legal obligation to retain your record for a minimum of eight years after your last appointment.

How Your Data Is Stored

As we record and use sensitive health data we take the protection of this data very seriously. It is stored in paper files in locked filing cabinets and on our clinic computers which are password protected and backed up regularly. Additionally the clinic is locked and alarmed out of office hours.

Who Has Access to Your Data

The Doctors of Chiropractic and the Clinic Chiropractic Assistants only have regular access to your data. Occasionally your data and health information may be used to contact other health professionals or associations with respect to your care including GPs, Hospitals and Health Insurance companies. Your consent for this will be obtained at the time unless we are required to do so by law.

Your Rights

You have the right to access your data at any time. If you wish to do so, please make such a request in writing/email to the Data Protection Officer, whose details are shown below. Please provide your name, address, telephone, email address and details of the information you require. We will need to verify your identity so we may ask for a copy of ID. You have the right to ask us to correct any data if you believe it is inaccurate or incomplete and provided the legal minimum period has elapsed, you may also ask us to erase your records. Please contact the clinic directly.

Data Breaches

Should your personal data that we control be lost, stolen or otherwise breached, our DPO will deal with this accordingly and without delay.

If you are not satisfied with how we are handling your data or the response of our DPO then you have the right to contact the Information Commissioners Office which you can do through their website: www.ico.org.uk